#! /bin/bash

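# Host firewall for a single-homed IPv4 machine: drop all inbound and
# forwarded traffic by default, allow replies to connections this host
# opened, and allow local traffic over loopback.
#
# Scope notes for whoever maintains this:
#   - Only iptables (IPv4) is programmed. Nothing here touches ip6tables,
#     so IPv6 traffic is not filtered by these rules.
#   - Only the tables listed in IPTABLES are flushed; any other table
#     (e.g. raw) keeps whatever rules it already had.
#   - INT_ADDR is read once, below, and baked into the rules. If the
#     address changes later the script has to be re-run.

set -u

printf '\n%s\n' "My Iptables rules initilizing ..."

IPT="/sbin/iptables"
IPTABLES="filter nat mangle"

INT_IFACE="eth0"
LO_IFACE="lo"

# Set to 1 by the helpers below when a command fails, so the script can
# report an incomplete ruleset instead of printing the success banner.
FAILED=0

#######################################
# Run iptables with the given arguments and record a failure.
# Globals:   IPT (read), FAILED (written)
# Arguments: passed through to iptables unchanged
# Outputs:   a diagnostic on stderr when the command fails
#######################################
run_ipt() {
	if ! "$IPT" "$@"; then
		printf '%s %s failed\n' "$IPT" "$*" >&2
		FAILED=1
	fi
}

#######################################
# Write one value under /proc/sys/net/ipv4 and record a failure.
# Globals:   FAILED (written)
# Arguments: $1 - path relative to /proc/sys/net/ipv4, $2 - value
# Outputs:   a diagnostic on stderr when the write fails
#######################################
set_ipv4_param() {
	local key=$1 value=$2
	if ! printf '%s\n' "$value" > "/proc/sys/net/ipv4/$key"; then
		printf 'cannot write %s to /proc/sys/net/ipv4/%s\n' "$value" "$key" >&2
		FAILED=1
	fi
}

# Query the configured interface rather than a second hard-coded "eth0",
# so changing INT_IFACE is enough. LC_ALL=C pins ifconfig's wording; the
# awk program accepts both "inet addr:A.B.C.D" and "inet A.B.C.D" lines
# and stops at the first address.
INT_ADDR=$(
	LC_ALL=C ifconfig "$INT_IFACE" \
		| awk '$1 == "inet" { addr = $2; sub(/^addr:/, "", addr); print addr; exit }'
)
LO_ADDR="127.0.0.1"

# Abort before anything is changed. Exit non-zero so a caller (init
# script, provisioning tool) can tell that no firewall was loaded.
if [[ ! $INT_ADDR =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
	printf '%s\n' "$INT_IFACE not configured with an ip address, aborting ..." >&2
	exit 1
fi

# Kernel network settings.
set_ipv4_param ip_forward 0                     # this host does not route
set_ipv4_param icmp_echo_ignore_all 0           # echo handling left to the rules below
set_ipv4_param icmp_echo_ignore_broadcasts 1    # ignore broadcast pings
set_ipv4_param tcp_syncookies 1                 # SYN cookies under SYN backlog pressure
set_ipv4_param conf/all/accept_source_route 0   # refuse source-routed packets

# Initialize all chains: flush rules, delete user chains, zero counters.
# IPTABLES is deliberately unquoted so it splits into one table per word.
for TAB in $IPTABLES; do
	run_ipt -t "$TAB" -F
	run_ipt -t "$TAB" -X
	run_ipt -t "$TAB" -Z
done

# Default Policy: nothing in, nothing forwarded, everything out.
run_ipt -P INPUT DROP
run_ipt -P OUTPUT ACCEPT
run_ipt -P FORWARD DROP

# allowed
# Replies to traffic this host initiated. NOTE(review): "-m state" still
# works, but newer iptables documents "-m conntrack --ctstate" as the
# preferred spelling; confirm against the target iptables version before
# changing it.
run_ipt -A INPUT -p all -d "$INT_ADDR" -m state \
	--state ESTABLISHED,RELATED -j ACCEPT

# Local traffic arriving on loopback, from 127.0.0.1 or from this host's
# own interface address.
run_ipt -A INPUT -p all -i "$LO_IFACE" -s "$LO_ADDR" -j ACCEPT
run_ipt -A INPUT -p all -i "$LO_IFACE" -s "$INT_ADDR" -j ACCEPT

# Do not claim success if any step failed: the ruleset would then differ
# from the one written above.
if (( FAILED )); then
	printf '%s\n' "One or more firewall commands failed; the ruleset is incomplete." >&2
	exit 1
fi

printf '%s\n\n' "My Iptables rules initilized ... "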
